Storing Passwords When You’re the Client
In this lesson, we will study the proper way to store passwords as a client.
So now we have four perfectly good password-hashing algorithms we can use. They’re so good it’s tempting to think that we’ve solved password storage for all use cases. Unfortunately, that’s not the case. We can only use these for hashing the passwords of clients that authenticate to us. If we need to authenticate to another system, we can’t use these password-hashing algorithms because they’re one-way only. We can never get the passwords back from a hash. So we’ll need another approach for storing passwords that we need to present to other systems.
Storing passwords on servers
How should we store passwords that are used by our servers to connect to other servers? Perhaps we could encrypt them before we store them on disk. That sounds good, but it ...